From 2be25c00863990165c8a4dcce2cd1249dd549d36 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Mon, 29 Oct 2018 13:45:02 +0100 Subject: [PATCH 01/11] Parameterize salt identifier with cluster_name - allow to define more clusters than one.
---
salt/control/virt.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/control/virt.sls b/salt/control/virt.sls
index 08e6158..0805b2d 100644
--- a/salt/control/virt.sls
+++ b/salt/control/virt.sls
@@ -20,7 +20,7 @@ update-guestfs-appliance: {%- if cluster.engine == "virt" %} -salt_libvirt_service: +salt_libvirt_service_{{ cluster_name }}: service.running: - name: {{ control.virt_service }} - enable: true
@@ -108,7 +108,7 @@ salt_control_virt_{{ cluster_name }}_{{ node_name }}: {%- endif %} - unless: virsh list --all --name| grep -E "^{{ node_name }}.{{ cluster.domain }}$" - require: - - salt_libvirt_service + - salt_libvirt_service_{{ cluster_name }} {%- if node.get("autostart", True) %}
From 144b32412a1018ac9e632d2fcc46412b2a589d23 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Thu, 29 Nov 2018 18:10:13 +0100 Subject: [PATCH 02/11] Dynamic dns registration support.
---
metadata/service/minion/dns_register.yml | 2 ++ salt/map.jinja | 6 ++++++ salt/master/ddns_registrator.sls | 15 +++++++++++++++ salt/master/init.sls | 3 +++ salt/minion/dns_register.sls | 4 ++++ salt/reactor/node_ddns_register.sls | 17 +++++++++++++++++ 6 files changed, 47 insertions(+) create mode 100644 metadata/service/minion/dns_register.yml create mode 100644 salt/master/ddns_registrator.sls create mode 100644 salt/minion/dns_register.sls create mode 100644 salt/reactor/node_ddns_register.sls
diff --git a/metadata/service/minion/dns_register.yml b/metadata/service/minion/dns_register.yml new file mode 100644
index 0000000..471aedd
--- /dev/null
+++ b/metadata/service/minion/dns_register.yml
@@ -0,0 +1,2 @@
+applications:
+- salt.minion.dns_register
diff --git a/salt/map.jinja b/salt/map.jinja
index 71f50c1..56b3834 100644
--- a/salt/map.jinja
+++ b/salt/map.jinja
@@ -30,9 +30,13 @@ default: Arch: pkgs: - salt + ddns_pkgs: + - python-dnspython Debian: pkgs: - salt-master + ddns_pkgs: + - python-dnspython Gentoo: pkgs: - app-admin/salt
@@ -42,6 +46,8 @@ MacOS: RedHat: pkgs: - salt-master + ddns_pkgs: + - python-dnspython {%- endload %} {%- if pillar.salt.master is defined %}
diff --git a/salt/master/ddns_registrator.sls b/salt/master/ddns_registrator.sls new file mode 100644
index 0000000..09c218b
--- /dev/null
+++ b/salt/master/ddns_registrator.sls
@@ -0,0 +1,15 @@
+{%- from "salt/map.jinja" import master with context %}
+{%- if master.get('ddns:server', False) %}
+
+ddns_registrator_packages:
+ pkg.installed:
+ - names: {{ master:ddns_pkgs }}
+
+ddns_keys_file:
+ file.managed:
+ - name: /etc/salt/ddns.keyring
+ - source: salt://salt/files/ddns.keys
+ - template: jinja
+ - mode: 600
+
+{%- endif %}
diff --git a/salt/master/init.sls b/salt/master/init.sls
index 0352299..da6af7a 100644
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -3,6 +3,9 @@ include: {%- if pillar.salt.master.reactor is defined %} - salt.master.reactor {%- endif %} +{%- if pillar.salt.master.ddns is defined %} +- salt.master.ddns_registrator +{%- endif %} - salt.master.env - salt.master.pillar - salt.master.minion
diff --git a/salt/minion/dns_register.sls b/salt/minion/dns_register.sls new file mode 100644
index 0000000..cd36f4f
--- /dev/null
+++ b/salt/minion/dns_register.sls
@@ -0,0 +1,4 @@
+send_dns_register_event:
+ event.send:
+ - name: dns/node/register
+ - net_info: {{ pillar.linux.network.get('host', {}) }}
diff --git a/salt/reactor/node_ddns_register.sls b/salt/reactor/node_ddns_register.sls new file mode 100644
index 0000000..9bddf92
--- /dev/null
+++ b/salt/reactor/node_ddns_register.sls
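Review bot: In salt/minion/dns_register.sls the `net_info` argument is rendered from a bare `{{ pillar.linux.network.get('host', {}) }}`, which writes the dict's Python string form into the YAML instead of a serialised value, and the attribute chain fails to render on a minion that has no `linux` pillar. I would change the line to `- net_info: {{ salt['pillar.get']('linux:network:host', {})|json }}` so the event payload stays valid whatever strings the pillar holds. The same pattern recurs in the `ddns` argument added to this file in PATCH 03 and in salt/minion/dns_static.sls in PATCH 07.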
@@ -0,0 +1,17 @@
+{%- for rec_name, record in data.data.get('net_info', {}).iteritems() %}
+{%- for name in record.get('names', []) if '.' in name %}
+{%- set hostname, domain = name.split('.',1) %}
+
+ddns_node_register_{{ name }}_{{ loop.index }}:
+ runner.ddns.add_host:
+ - args:
+ - zone: {{ domain }}
+ - name: {{ hostname }}
+ - ttl: 300
+ - ip: {{ record.get('address', '127.0.0.127') }}
+ - keyname: salt-updates
+ - keyfile: /etc/salt/dns.keyring
+ - nameserver: {{ salt['grains.get']('ddns_server', '127.0.0.1') }}
+ - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT'
+{%- endfor %}
+{%- endfor %}
From ecaf8ade66538d46d40ad6565671edfcc490c9aa Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Fri, 30 Nov 2018 16:04:42 +0100 Subject: [PATCH 03/11] Finished ddns registrator via saltmaster
---
salt/files/ddns.keyring | 6 ++++++ salt/master/{ddns_registrator.sls => ddns.sls} | 9 ++++----- salt/master/init.sls | 2 +- salt/minion/dns_register.sls | 1 + salt/reactor/node_ddns_register.sls | 10 ++++++---- 5 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 salt/files/ddns.keyring rename salt/master/{ddns_registrator.sls => ddns.sls} (55%)
diff --git a/salt/files/ddns.keyring b/salt/files/ddns.keyring new file mode 100644
index 0000000..5d41dfa
--- /dev/null
+++ b/salt/files/ddns.keyring
@@ -0,0 +1,6 @@
+{%- from "salt/map.jinja" import master with context -%}
+{
+{%- for key in master.ddns.get('keys', []) %}
+"{{ key.name }}.": "{{ key.key }}"{{ "," if not loop.last else "" }}
+{%- endfor %}
+}
diff --git a/salt/master/ddns_registrator.sls b/salt/master/ddns.sls similarity index 55% rename from salt/master/ddns_registrator.sls rename to salt/master/ddns.sls
index 09c218b..e28b4bc 100644
--- a/salt/master/ddns_registrator.sls
+++ b/salt/master/ddns.sls
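Review bot: The reactor in salt/reactor/node_ddns_register.sls (PATCH 02) passes `names` and `address` from the event payload straight into a TSIG-signed `ddns.add_host` call, and nothing ties the requested name to the minion that sent the event. I would check each name against `data['id']` or a master-side list of permitted zones before emitting the state, and drop the `'127.0.0.127'` fallback so an entry without an address is skipped rather than registered. The interpolated values are also unquoted; passing them through `|json`, for example `- name: {{ hostname|json }}`, keeps unexpected characters in event data from changing the rendered YAML. salt/reactor/ddns_static_records.sls in PATCH 07 has the same gap for `records`.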
@@ -1,14 +1,13 @@ {%- from "salt/map.jinja" import master with context %} -{%- if master.get('ddns:server', False) %} - -ddns_registrator_packages: +{%- if master.get('ddns', {}).get('enabled', False) %} +ddns_packages: pkg.installed: - names: {{ master:ddns_pkgs }} + - names: {{ master.ddns_pkgs }} ddns_keys_file: file.managed: - name: /etc/salt/ddns.keyring - - source: salt://salt/files/ddns.keys + - source: salt://salt/files/ddns.keyring - template: jinja - mode: 600
diff --git a/salt/master/init.sls b/salt/master/init.sls
index da6af7a..cdc2f92 100644
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -4,7 +4,7 @@ include: - salt.master.reactor {%- endif %} {%- if pillar.salt.master.ddns is defined %} -- salt.master.ddns_registrator +- salt.master.ddns {%- endif %} - salt.master.env - salt.master.pillar
diff --git a/salt/minion/dns_register.sls b/salt/minion/dns_register.sls
index cd36f4f..8e4eaee 100644
--- a/salt/minion/dns_register.sls
+++ b/salt/minion/dns_register.sls
@@ -2,3 +2,4 @@ send_dns_register_event: event.send: - name: dns/node/register - net_info: {{ pillar.linux.network.get('host', {}) }} + - ddns: {{ pillar.salt.minion.get('ddns', {}) }}
diff --git a/salt/reactor/node_ddns_register.sls b/salt/reactor/node_ddns_register.sls
index 9bddf92..2529eae 100644
--- a/salt/reactor/node_ddns_register.sls
+++ b/salt/reactor/node_ddns_register.sls
@@ -1,3 +1,4 @@ +{%- set ddns = data.data.get('ddns', {}) %} {%- for rec_name, record in data.data.get('net_info', {}).iteritems() %} {%- for name in record.get('names', []) if '.' in name %} {%- set hostname, domain = name.split('.',1) %}
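Review bot: `ddns_keys_file` in salt/master/ddns.sls writes TSIG secrets to /etc/salt/ddns.keyring but sets only `mode: 600`, so the owner is left to the state run's default and the rendered file diff can show up in state output and the job cache. I would add `- user: root`, `- group: root` and `- show_changes: False`, and quote the mode as `'0600'`. If the master runs as a non-root user the owner should be that account instead; the hunk does not show which applies.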
@@ -7,11 +8,12 @@ ddns_node_register_{{ name }}_{{ loop.index }}: - args: - zone: {{ domain }} - name: {{ hostname }} - - ttl: 300 + - ttl: {{ ddns.get('ttl', 300) }} - ip: {{ record.get('address', '127.0.0.127') }} - - keyname: salt-updates - - keyfile: /etc/salt/dns.keyring - - nameserver: {{ salt['grains.get']('ddns_server', '127.0.0.1') }} + - keyname: {{ ddns.get('keyname', 'salt-updates') }} + - keyfile: /etc/salt/ddns.keyring + - nameserver: {{ ddns.get('server', '127.0.0.1') }} - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT' + - timeout: 10 {%- endfor %} {%- endfor %}
From 5167efd3af0c589519bbcd503f2ac6f1b4a8274f Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Sun, 2 Dec 2018 22:27:45 +0100 Subject: [PATCH 04/11] Update readme and make test pillar for ddns.
---
README.rst | 38 +++++++++++++++++++++++++++++++++++++ tests/pillar/master_dns.sls | 26 +++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 tests/pillar/master_dns.sls
diff --git a/README.rst b/README.rst
index 2e836bf..ccbbbcb 100644
--- a/README.rst
+++ b/README.rst
@@ -727,6 +727,44 @@ Syndicated master with multiple master of masters: - host: master-of-master-host2 timeout: 5 +Dynamic DNS configuration +------------------------- + +Salt master can register minions in DNS server using DDNS (dynamic DNS) +update mechanism via salt.runners.ddns module. DNS server with dynamic +updates allowed is required. Authorization via {tsig-key} is available. +Recommended is DNS server configured via salt-formula-bind. +Mechanism uses event-reactor system. + +Master pillar: + + .. code-block:: yaml + salt: + master: + ddns: + enabled: True + keys: + key: + name: + reactor: + dns/node/register: + - salt://salt/reactor/node_ddns_register.sls + +Minion pillar: + + .. code-block:: yaml + salt: + minion: + ddns: + server: + keyname: + ttl: 300 + +Minions can be registered in DNS calling: + + .. code-block:: bash + salt '*' state.apply salt.minion.dns_register + Salt Minion -----------
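Review bot: After this hunk `keyname`, `nameserver` and `ttl` in salt/reactor/node_ddns_register.sls are read from `data.data.get('ddns', {})`, that is from the minion's event, so the sender decides which server receives the master's signed update and which key name signs it. These are master-side settings and are safer taken from the master's own configuration, with at most a bounded `ttl` accepted from the event. A comment above the state, such as `{#- server and key are master settings; never take them from event data #}`, would record the intent. The enclosing `for` loops open above this hunk, and salt/reactor/ddns_static_records.sls in PATCH 07 reads the same three values the same way.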
diff --git a/tests/pillar/master_dns.sls b/tests/pillar/master_dns.sls new file mode 100644
index 0000000..7df614a
--- /dev/null
+++ b/tests/pillar/master_dns.sls
@@ -0,0 +1,26 @@
+git:
+ client:
+ enabled: true
+linux:
+ system:
+ enabled: true
+salt:
+ master:
+ enabled: true
+ command_timeout: 5
+ worker_threads: 2
+ reactor_worker_threads: 2
+ source:
+ engine: pkg
+ pillar:
+ engine: salt
+ source:
+ engine: local
+ ddns:
+ enabled: True
+ keys:
+ key: 'yEdG9/x8Sb+efi27GyeXNg=='
+ name: salt-updates
+ reactor:
+ dns/node/register:
+ - salt://salt/reactor/node_ddns_register.sls
From 912ad8cdacec2d5ec9cccc3b12ee64b8af7985e2 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Sun, 2 Dec 2018 22:45:08 +0100 Subject: [PATCH 05/11] Fixed README.~
---
README.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.rst b/README.rst
index ccbbbcb..171ec2a 100644
--- a/README.rst
+++ b/README.rst
@@ -738,7 +738,7 @@ Mechanism uses event-reactor system. Master pillar: - .. code-block:: yaml +.. code-block:: yaml salt: master: ddns:
@@ -752,7 +752,7 @@ Master pillar: Minion pillar: - .. code-block:: yaml +.. code-block:: yaml salt: minion: ddns:
@@ -762,7 +762,7 @@ Minion pillar: Minions can be registered in DNS calling: - .. code-block:: bash +.. code-block:: bash salt '*' state.apply salt.minion.dns_register Salt Minion
From ce9b339ce80884af76363a0682f826da0b38b694 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Sun, 2 Dec 2018 22:47:03 +0100 Subject: [PATCH 06/11] Fixed README.
---
README.rst | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/README.rst b/README.rst
index 171ec2a..97bc989 100644
--- a/README.rst
+++ b/README.rst
@@ -739,6 +739,7 @@ Mechanism uses event-reactor system. Master pillar: .. code-block:: yaml + salt: master: ddns:
@@ -754,6 +755,7 @@ Master pillar: Minion pillar: .. code-block:: yaml + salt: minion: ddns:
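Review bot: In tests/pillar/master_dns.sls `keys` looks like a single mapping (`key:` and `name:` follow it with no list marker; indentation is not recoverable on this page), while salt/files/ddns.keyring from PATCH 03 iterates `master.ddns.get('keys', [])` and reads `key.name` and `key.key` from each element. Iterating a mapping yields its key strings, so the keyring would render without a usable name or secret and the fixture would not exercise the feature. I would write the fixture as a list, `keys:` followed by `- name: salt-updates` and `key: <dummy test value>`, with a comment that the value is a throwaway test key that must not be reused on a real server. The README example added in this commit has the same shape.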
@@ -763,6 +765,7 @@ Minion pillar: Minions can be registered in DNS calling: .. code-block:: bash + salt '*' state.apply salt.minion.dns_register Salt Minion
From 90acc2998ed49d55dd89295396632883b5db6b93 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Thu, 6 Dec 2018 10:50:48 +0100 Subject: [PATCH 07/11] Add static DNS records pushing ability.
---
README.rst | 18 ++++++++++++++--- metadata/service/minion/dns_static.yml | 2 ++ salt/minion/dns_static.sls | 5 +++++ salt/minion/init.sls | 5 +++++ ...ns_register.sls => ddns_node_register.sls} | 0 salt/reactor/ddns_static_records.sls | 20 +++++++++++++++++++ 6 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 metadata/service/minion/dns_static.yml create mode 100644 salt/minion/dns_static.sls rename salt/reactor/{node_ddns_register.sls => ddns_node_register.sls} (100%) create mode 100644 salt/reactor/ddns_static_records.sls
diff --git a/README.rst b/README.rst
index 97bc989..ed997e3 100644
--- a/README.rst
+++ b/README.rst
@@ -749,7 +749,9 @@ Master pillar: name: reactor: dns/node/register: - - salt://salt/reactor/node_ddns_register.sls + - salt://salt/reactor/ddns_node_register.sls + dns/static/records: + - salt://salt/reactor/ddns_static_records.sls Minion pillar:
@@ -761,12 +763,22 @@ Minion pillar: server: keyname: ttl: 300 + dns_static: + zone.example.com: + - name: appname + type: CNAME + value: appserver01 -Minions can be registered in DNS calling: -.. code-block:: bash +Manual calling: +.. code-block:: bash + # Minion register salt '*' state.apply salt.minion.dns_register + + # Static DNS records + salt '*' state.apply salt.minion.dns_static + Salt Minion -----------
diff --git a/metadata/service/minion/dns_static.yml b/metadata/service/minion/dns_static.yml new file mode 100644
index 0000000..43e85cf
--- /dev/null
+++ b/metadata/service/minion/dns_static.yml
@@ -0,0 +1,2 @@
+applications:
+- salt.minion.dns_static
diff --git a/salt/minion/dns_static.sls b/salt/minion/dns_static.sls new file mode 100644
index 0000000..859d809
--- /dev/null
+++ b/salt/minion/dns_static.sls
@@ -0,0 +1,5 @@
+send_dns_static_event:
+ event.send:
+ - name: dns/static/records
+ - records: {{ pillar.salt.minion.get('dns_static', {}) }}
+ - ddns: {{ pillar.salt.minion.get('ddns', {}) }}
diff --git a/salt/minion/init.sls b/salt/minion/init.sls
index 0575952..40ba88c 100644
--- a/salt/minion/init.sls
+++ b/salt/minion/init.sls
@@ -13,4 +13,9 @@ include: {%- endif %} {%- if pillar.salt.minion.env_vars is defined %} - salt.minion.env_vars +{%- if pillar.salt.minion.ddns is defined %} +- salt.minion.dns_register +{%- if pillar.salt.minion.dns_static is defined %} +- salt.minion.dns_static +{%- endif %} {%- endif %}
diff --git a/salt/reactor/node_ddns_register.sls b/salt/reactor/ddns_node_register.sls similarity index 100% rename from salt/reactor/node_ddns_register.sls rename to salt/reactor/ddns_node_register.sls
diff --git a/salt/reactor/ddns_static_records.sls b/salt/reactor/ddns_static_records.sls new file mode 100644
index 0000000..ff7cf90
--- /dev/null
+++ b/salt/reactor/ddns_static_records.sls
@@ -0,0 +1,20 @@
+{%- set ddns = data.data.get('ddns', {}) %}
+{%- for zone_name, zone in data.data.get('records', {}).iteritems() %}
+{%- for record in zone %}
+
+ddns_update_{{ zone_name }}_{{ loop.index }}:
+ runner.ddns.update:
+ - args:
+ - zone: {{ zone_name }}
+ - name: {{ record['name'] }}
+ - ttl: {{ ddns.get('ttl', 300) }}
+ - rdtype: {{ record['type'] }}
+ - data: {{ record['value'] }}
+ - keyname: {{ ddns.get('keyname', 'salt-updates') }}
+ - keyfile: /etc/salt/ddns.keyring
+ - nameserver: {{ ddns.get('server', '127.0.0.1') }}
+ - timeout: 10
+ - replace: True
+ - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT'
+{%- endfor %}
+{%- endfor %}
From d55691a1258f2b2c103ae0587fedb1ebd606b73c Mon Sep 17 00:00:00 2001
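Review bot: salt/reactor/ddns_static_records.sls hard-codes `keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT'`, the legacy HMAC-MD5 TSIG algorithm, for every update it signs. I would move to a SHA-2 TSIG key and set `- keyalgorithm: 'hmac-sha256'`, which requires the key on the DNS server to be generated for the same algorithm, and ideally keep the value in master-side settings next to the key itself. The same line is in salt/reactor/node_ddns_register.sls from PATCH 02. A short comment above the state noting that `records` arrives from the minion's event would also help the next reader judge what the runner is being asked to sign.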
From: Tomas Pipota Date: Thu, 6 Dec 2018 10:57:58 +0100 Subject: [PATCH 08/11] Fixed README.
---
README.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.rst b/README.rst
index ed997e3..de4aae8 100644
--- a/README.rst
+++ b/README.rst
@@ -765,9 +765,9 @@ Minion pillar: ttl: 300 dns_static: zone.example.com: - - name: appname - type: CNAME - value: appserver01 + - name: appname + type: CNAME + value: appserver01 Manual calling:
@@ -775,7 +775,7 @@ Manual calling: .. code-block:: bash # Minion register salt '*' state.apply salt.minion.dns_register - + # # Static DNS records salt '*' state.apply salt.minion.dns_static
From f06dcbdbee59a841ad617e384989cf74e08652ae Mon Sep 17 00:00:00 2001 From: Tomas Pipota Date: Thu, 6 Dec 2018 10:58:51 +0100 Subject: [PATCH 09/11] Fixed README.
---
README.rst | 1 + 1 file changed, 1 insertion(+)
diff --git a/README.rst b/README.rst
index de4aae8..e805ac1 100644
--- a/README.rst
+++ b/README.rst
@@ -773,6 +773,7 @@ Minion pillar: Manual calling: .. code-block:: bash + # Minion register salt '*' state.apply salt.minion.dns_register #
From 7e27892bdee3d32790bbc42e8e2d79d0d0475bb9 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Thu, 6 Dec 2018 11:37:56 +0100 Subject: [PATCH 10/11] Use ddns.create instead of update.
---
salt/reactor/ddns_static_records.sls | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/salt/reactor/ddns_static_records.sls b/salt/reactor/ddns_static_records.sls
index ff7cf90..8f8be5e 100644
--- a/salt/reactor/ddns_static_records.sls
+++ b/salt/reactor/ddns_static_records.sls
@@ -2,8 +2,8 @@ {%- for zone_name, zone in data.data.get('records', {}).iteritems() %} {%- for record in zone %} -ddns_update_{{ zone_name }}_{{ loop.index }}: - runner.ddns.update: +ddns_record_{{ zone_name }}_{{ loop.index }}: + runner.ddns.create: - args: - zone: {{ zone_name }} - name: {{ record['name'] }}
@@ -14,7 +14,6 @@ ddns_update_{{ zone_name }}_{{ loop.index }}: - keyfile: /etc/salt/ddns.keyring - nameserver: {{ ddns.get('server', '127.0.0.1') }} - timeout: 10 - - replace: True - keyalgorithm: 'HMAC-MD5.SIG-ALG.REG.INT' {%- endfor %} {%- endfor %}
From fe9bc6b45a404831529be6554132e09a31b79a76 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Thu, 6 Dec 2018 13:18:19 +0100 Subject: [PATCH 11/11] Fix minion init file.
---
salt/minion/init.sls | 1 + 1 file changed, 1 insertion(+)
diff --git a/salt/minion/init.sls b/salt/minion/init.sls
index 40ba88c..f5ddb85 100644
--- a/salt/minion/init.sls
+++ b/salt/minion/init.sls
@@ -13,6 +13,7 @@ include: {%- endif %} {%- if pillar.salt.minion.env_vars is defined %} - salt.minion.env_vars +{%- endif %} {%- if pillar.salt.minion.ddns is defined %} - salt.minion.dns_register {%- if pillar.salt.minion.dns_static is defined %}
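Review bot: In salt/minion/init.sls (PATCH 11) the `dns_static` test still sits inside the `{%- if pillar.salt.minion.ddns is defined %}` block after the added `{%- endif %}`, so a minion that defines `dns_static` without `ddns` silently gets no static-record state. If that coupling is intended it deserves a comment such as `{#- dns_static relies on the ddns settings, so it is only included with them #}`; otherwise the `ddns` block should be closed before the `dns_static` test. The closing `endif` lines are outside this hunk.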